Start tracking your progress
Trailhead Home
Trailhead Home

Restrict Data Access with Field-Level Security, Permission Sets, and Sharing Settings

Create Permission Sets

Permission sets grant additional permissions to specific users, on top of their existing profile permissions, without having to modify existing profiles, create new profiles, or grant an administrator profile where it's not necessary.

Create a new permission set for hiring managers.

  1. From Setup, enter Permission Sets in the Quick Find box, and select Permission Sets.
  2. Click New, and enter the details.
    • Field Label: Hiring Manager
    • Description: 
      Temporary permission set for those Hiring Managers that need to interview candidates for positions in their department
    • User License: Salesforce
  3. Click Save.
  4. Click Assigned Apps in the Apps section, then click Edit.
  5. Select Recruiting from the Available Apps list and click Add. Available Apps list for the Hiring Manager permission set
  6. Click Save.
  7. Click the Down arrow iconin the Assigned Apps list and select Object Settings.
  8. Select Interviewers from the object list, and click Edit.
  9. Select Visible under Tab Settings.
  10. Select Read, Create, and Edit from the Object Permissions list.
  11. Click Save.
  12. Repeat steps 8-11 for the Job Applications, Job Postings, Job Posting Sites, Positions, and Reviews objects. Set the permissions to reflect what is shown in this table provided by Ling Wu.
Object Tab Setting Read Create Edit Delete
Interviewers
Visible





Job Applications
Visible







Job Postings









Job Posting Sites
Visible







Positions
Visible





Reviews
Visible




 

Modify Field-Level Security

All standard objects have a predefined set of fields to capture common business information. While they can’t be deleted, field-level security can make them invisible. Field-level security controls which fields a profile or permission set can view and edit, overrides any less-restrictive field access, and controls settings in page layouts and search layouts. 

Field-level security is universally enforced regardless of how a user is accessing Salesforce—page layout, related lists, report, and so forth. For this reason, field-level security is the preferred way to secure sensitive and confidential information, like salary ranges HR recruiters and hiring managers work with in their app.

Start by setting field-level security for Salary Range field.

  1. From Setup, click Object Manager, and select Position.
  2. Click Fields & Relationships, then select Salary Range.
  3. Click Set Field-Level Security.
  4. For HR Recruiter and System Administrator, select Visible. (Ensure Visible is deselected for all other profiles.)
  5. Click Save.

Now set permissions.

  1. From Setup, enter Permission Sets in the Quick Find box, and select Permission Sets.
  2. Select Hiring Manager.
  3. Click Object Settings in the Apps section.
  4. Click Positions from the list of object names, and click Edit.
  5. Under Field Permissions, select Read Access and Edit Access for Salary Range. Field Permissions list for hiring manager highlighting the Salary Range field with Read Access and Edit Access checked.
  6. Click Save.

Create Sharing Settings

In order to access a record, users must have the appropriate object permission on their profile or a permission set. By changing sharing settings from the organization-wide defaults, you set the default level of access users have to records they do not own in each object. 

Ling Wu would like job postings to be the only HR custom object with public access. Achieve this by changing the organization-wide default sharing settings.                                                                                               

Set the organization-wide defaults for Recruiting app objects.

  1. From Setup, enter Sharing Settings in the Quick Find box and select Sharing Settings.
  2. Click Edit in the Organization-Wide Defaults section.
  3. Select Private for the Candidate object.
  4. Select Private for the Interviewer object.
  5. Select Private for the Job Application object.
  6. Select Public Read Only for the Job Posting Site object.
  7. Select Private for the Position object.
  8. Click Save.

By creating a custom profile, creating permission sets, updating field-level security, and modifying organization-wide default sharing settings, you’ve made AW Computing’s recruiting app a more secure tool. Ling Wu can rest easy knowing that her team—and anyone else accessing the app—will only see the data they’re authorized to see.  

Note

Note

Updating the Organization-Wide Default settings might take some time to process. After you click Verify step, if you get an error relating to any of the Organization-Wide Settings updates you just made, wait a few minutes and try again.

retargeting